SOC 2 Evidence Pack Assembly with Claude Code: Human Review Queue

A production playbook for SOC 2 evidence pack assembly in cross-industry operations using Claude Code: human review queue, run-scoped inputs, logs, typed results, and artifacts.

Audience: Compliance teams

The problem

Compliance teams need SOC 2 evidence pack assembly to run repeatedly against control evidence, screenshots, exports, and audit notes. In cross-industry operations, the pain is not one good answer; it is repeatability, auditability, exception handling, and evidence that survives handoff.

Implementation path

Split the SOC 2 evidence pack assembly result into automatable fields and review-only exceptions, then send low-confidence cases to a human queue with evidence artifacts attached.

Tradeoffs and failure modes

Human review slows a subset of runs, but it lets the workflow ship before every edge case is fully automated. For SOC 2 evidence pack assembly, the practical test is whether a second run can be debugged, retried, and consumed by a product without reading the raw agent transcript.

Review handoff

review_status: needs_review | approved | rejected
review_reason: string
source_evidence: artifact_url[]
agent: Claude Code
workflow: soc2-evidence-pack

Run this on Argo